Cancer Care Group Suffers Security Breach

Indiana's Cancer Care Group (CCG) recently acknowledged that backup media containing information on 55,000 patients and employees was stolen from an employee's car on July 19. The data included patient names, addresses, dates of birth, Social Security numbers, medical record numbers, insurance information and clinical information; and employees' dates of birth, Social Security numbers, and beneficiary names.

"There is no evidence to believe that the back-up media were the target of the theft or that any of the information on the media has been accessed or used for fraudulent purposes," CCG stated in a notice on its Web site. "Cancer Care Group assures its patients and employees that it took immediate steps to investigate and attempt to recover the back-up media. A police report was filed and patients and employees are being notified. Unfortunately, the back-up media have not yet been recovered."

"Furthermore, the Cancer Care Group’s representatives claim that they’re in the process of adding encryption and other security mechanisms to all their computing devices to prevent misuse in case they get stolen," writes Softpedia's Eduard Kovacs.

"Whilst we mustn't forget that CCG is the victim of a crime here, we also have to ask, 'Why would anyone, ever, leave an unencrypted laptop unattended in a car?' That's like running a public-facing blog using WordPress 1.5.2 on an unpatched Windows 2000 server," writes Sophos' Paul Ducklin.